To see the other types of publications on this topic, follow the link: Application for a certificate.
Dissertations / Theses on the topic 'Application for a certificate'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Application for a certificate.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Krontiris, Alexandros. "Evaluation of Certificate Enrollment over Application Layer Security." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-236033.
Full textAbstract:
This thesis analyzes Application Layer security protocols for certificate enrollment and management. EDHOC, Ephemeral Diffie-HellmanOver COSE, is a recently developed key exchange protocol whichis designed to provide authentication and key-exchange functionality with compact message sizes and minimum round-trip-time. The workof this thesis extends the EDHOC protocol with a certificate enrollment functionality, targeting IoT constrained devices and it has been implemented for analysis and evaluation purposes. The main scope of this document is to study the security, performance and scalability (in descendingorder of importance) of enrollment over EDHOC compared to other certificate enrollment protocols.Detta examensarbete analyserar säkerhetsprotokoll av typen ApplicationLayer för certifikatregistrering och hantering. EDHOC, Ephemeral Diffie-Hellman Over COSE, har implementerats, analyserats och utvärderats. EDHOC är ett nyligen utvecklat Application Layer-protokoll som är utformat för att tillhandahålla autentiserings- och nyckelfunktionsfunktioner med kompakta meddelandestorlekar och minimala rundturstider, inriktat på IoT-begränsade enheter. Huvudområdet för examensarbetet är att studera säkerhet, prestanda och skalbarhet (i fallande ordning av betydelse) hos EDHOC jämfört med andra föreslagna Application Layer-säkerhetsprotokoll som utför certifikatsskrivning.
2
Gaina, Maxim. "Blockchain and Smartcontracts: Fundamentals and a Decentralized Application Case-Study." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2018. http://amslaurea.unibo.it/15189/.
Full textAbstract:
Questo lavoro di tesi tratta l'implementazione di un'applicazione decentralizzata in grado di certificare eventi accaduti nel mondo reale, compiuti da parte di un'organizzazione. Tali certificati devono essere (i) verificabili da chiunque, in un qualsiasi momento della storia e senza la necessità di terze parti, (ii) avere un costo di rilascio ragionevole per l'autore e (iii), avere tempi di conferma accettabili. Per poter definire meglio (a) le modalità in cui è possibile farlo, (b) l'esito del lavoro svolto ed eventuali problemi emersi, e (c) i futuri sviluppi, la tesi si prefissa i seguenti obiettivi. Verrà discusso in che modo un generico protocollo Blockchain si inserisce nell'ambito dei sistemi distribuiti. L'avvento di Bitcoin infatti, permette per la prima volta di implementare un sistema distribuito e decentralizzato, in cui è possibile avere fiducia tanto quanto necessario per eseguire transazioni finanziarie. Verranno individuate le proprietà che un protocollo deve avere per garantire sicurezza, e se possono essere raggiunte contemporaneamente. Nello stesso modo in cui i protocolli blockchain esistono "sopra" le reti peer-to-peer, verrà descritto il modo in cui gli Smartcontracts possono essere introdotti nelle blockchain. Verrà visto come questi costrutti rendono possibile l'implementazione di Applicazioni Decentralizzate (dapp). Si vedrà che tali registri distribuiti e pubblici, sono comunque in una fase di sviluppo piuttosto immatura e presentano alcuni problemi. Fra questi, quello della scalabilità all'aumentare degli utenti. Verrà visto il motivo, e il modo in cui questo problema interferisce con l'operatività della dapp realizzata.
3
Abakar, Mahamat Ahmat. "Etude et mise en oeuvre d'une architecture pour l'authentification et la gestion de documents numériques certifiés : application dans le contexte des services en ligne pour le grand public." Phd thesis, Université Jean Monnet - Saint-Etienne, 2012. http://tel.archives-ouvertes.fr/tel-00975965.
Full textAbstract:
Dans un environnement ouvert tel que l'Internet, les interlocuteurs sont parfois inconnus et toujours dématérialisés. Les concepts et les technologies de la confiance numérique et de la sécurité informatique doivent se combiner pour permettre un contrôle d'accès en environnement ouvert. Dans nos travaux, nous nous proposons d'étudier les concepts majeurs de cette problématique, puis de concevoir, et enfin de développer un système fonctionnel, basé sur des standards du contrôle d'accès, pour un environnement ouvert et appliqué à l'Internet. Plus précisément, notre étude consiste à mettre en œuvre une architecture de contrôle d'accès basée sur la confiance numérique. L'élément central de cette architecture est l'environnement utilisateur très riche et déployé en ligne. Cet environnement est doté de trois modules principaux qui permettent à l'utilisateur de mener à bien ses transactions. Ces modules sont le module d'analyse de règlements, le module de récupération de données et le module de validation de règlements. Nous avons élaborés des algorithmes utilisés dans ces modules. L'usage est le suivant. L'utilisateur demande un service à un fournisseur de services, celui-ci analyse la requête de l'utilisateur et extrait le règlement à partir de la base des règles de contrôle d'accès. Cette architecture est conçue à l'aide de modèles de contrôle d'accès basé sur les attributs et le langage XACML. Ce règlement contient des conditions à satisfaire par l'utilisateur pour obtenir le droit d'accès à la ressource demandée. Le module d'analyse de règlement permet à l'utilisateur d'analyser le règlement reçu du fournisseur de service. Cette analyse consiste à vérifier à l'aide d'un algorithme la disponibilité de ses informations auprès de ses sources d'information d'identité de confiance pour le fournisseur de services. Le module de récupération de données permet ensuite à l'utilisateur de récupérer ses certificats. Le module de validation lui permet de tester qu'il satisfait le règlement grâce aux certificats. Si le règlement est satisfait l'utilisateur diffuse ses certificats au fournisseur de service. La conception de ce système repose sur un ensemble de brique technologiques étudiées et décrites dans ces travaux. Ce document débute par une étude des différents cas d'usage dans le domaine des transactions en ligne. Cette étude permet de mettre en évidence la problématique de la gestion des identités numériques en environnement ouvert. Les organisations virtuelles, la notion de partenariat et la confiance sont des éléments clés qui entrent dans la conception des systèmes de contrôle d'accès basé sur la confiance. Une première étude d'un ensemble de modèles de contrôle d'accès nous permet de dégager le modèle ABAC et le langage XACML pour la conception de notre système. Dans un second temps, nous concevons le modèle de données de notre système de contrôle d'accès distribué et nous présentons et évaluons les algorithmes clés. Ensuite, nous concevons une architecture protocolaire satisfaisant les besoins d'interopérabilité entre les différentes entités impliquées. Il s'agit de protocoles permettant d'établir une session auprès d'un système, permettant de véhiculer un règlement de contrôle d'accès et permettant d'obtenir et de diffuser des informations entre tiers de confiance. La dernière partie est consacrée à l'implémentation réalisée en langage python et en utilisant le " framework " de développement Web Django
4
Nicodeme, Marc. "Identifiabilité des signaux parcimonieux structurés et solutions algorithmiques associées : application à la reconstruction tomographique à faible nombre de vues." Thesis, Bordeaux, 2016. http://www.theses.fr/2016BORD0096/document.
Full textAbstract:
Cette thèse étudie différents problèmes de minimisations avec des fonctions de régularisations qui promeuvent la parcimonie. Plus précisément, on souhaite reconstruire une image, que l'on suppose parcimonieuse et qui a subit une transformation après un opérateur linéaire, à l'aide de problèmes de minimisations. Dans ce manuscrit, on s'intéressera plus particulièrement à la minimisation l1 synthèse, analyse et bloc qui sont très utilisées pour reconstruction une image que l'on sait parcimonieuse. Ces minimisations produisent en pratique des résultats convaincants qui n'ont été compris théoriquement que récemment. Les différents travaux sur le sujet mettent en évidence le rôle d'un vecteur particulier appelé certificat dual. L'existence d'un certificat dual permet à la fois d'assurer la reconstruction exacte d'une image dans le cas où il n'y a pas de perturbations et d'estimer l'erreur de la reconstruction en présence de perturbations. Dans nos travaux, nous allons introduire l'existence d'un certifical dual optimal pour la minimisation l1 synthèse qui minimisent l'erreur de reconstruction. Ces résultats ayant une forte interprétation géométrique, nous avons développé un critère identifiabilité, c'est à dire que ce critère assure que l'image recherchée est l'unique solution du problème de minimisation. Ce critère permet d'étendre nos travaux à la minimisation l1 analyse, l1 bloc et à d'autres casThis thesis studies different minimization problems with sparses based regularization. More precisely, we want to reconstruct a sparses image, which undergone a linear transformation, with minimization problems. In this manuscript, we will be focused on l1 synthesis, analysis and block minimization which are widely used in sparse approximations. These problems offer competitive results which are theorietical understood only recntly. Different studies on the subject emphasized the contribution of a particular vector called dual certificate. The existence of this dual certificate allows simultaneously to guarantee the exact recovey of an image in noiseless case and to estimate the noise robustness in noisy case. In this work, we introduce eth existence of an optimal dual certificate for the l1 synthesis minimization which minimizes the reconstruction error. As those results have a strong geometrical interpretation, we develop an identifiability criterion which ensures the uniqueness of a solution. This criterion generalizes the work on l1 synthesis minimization tothe analysis case, block case and others
5
Zbierska, Katarzyna [Verfasser]. "Application and Importance of Supplementary Protection Certificates for Medicinal Products in the European Union / Katarzyna Zbierska." Aachen : Shaker, 2012. http://d-nb.info/1069050253/34.
Full text
6
Engström, Pontus. "Modernizing forms at KTH : Using Digital Signatures." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-193898.
Full textAbstract:
Today both government agencies and companies struggle to keep up with the pace of the continuous change of technology. With all new technology there are benefits, but new problems might also occur. Implementing new technology for certain tasks may increase both efficiency and security, resulting in a more sustainable work environment. One technology that is increasingly adopted is digital signatures. Instead of using classical handwritten signatures on documents, a digital signature can be more time efficient and have higher security. In order to implement a digital signature technology some security aspects must be addressed and certain properties ensured. In the document signature process, each time an individual verifies a signature attached onto a document a log entry is created. This log contains information about who verified which document, does it have multiple parts that have been signed, does it need multiple signatures in order to be valid, and at what time and date was the document signed. Logs help to ensure the validity of the document and thereby increase the security provided by the digital signatures. At KTH, a student must sign an application form with a regular ink-written signature to start a thesis project. This process can in most cases delay the start up to two weeks. This study aims to implement digital signatures for one specific form, an application form for a thesis project. The hypothesis at the start of the project was that the use of digital signature would decrease the time of waiting significantly. Personnel at KTH using digital signature would facilitate their work efficiency, due to less printing and archiving of papers as well fewer meetings. This study will provide the reader with the necessary fundamental knowledge of cryptography and how digital signatures use this underlying technology. The methodology used in this study was to identify and modify certain software settings, as well collect data from students and personnel at KTH. The collected data was based on time measurements of digital signature processes from students and a faculty member. The results show digital signatures are faster than the current signing process with traditional ink-written signatures. Additionally, the use of digital signatures is expected to reduce the need for printing, transport, and sorting of paper documents. The resulting reduction in use of physical paper should provide environmental benefits.Dagens myndigheter och företag har det svårt att ständigt följa den tekniska utvecklingen. Ny teknik skapar oftast nya fördelar och andra förmåner men kan ibland också orsaka problem. Att implementera ny teknik för specifika ändamål kan öka både effektivitet och säkerhet, vilket resulterar i en mer effektiv arbetsplats. En teknik som introduceras allt mer på sistone är digitala signaturer. Istället för att signera dokument med en handskriven signatur kan en digital signatur vara mer tidseffektiv och ha en högre säkerhet. För att implementera tekniken bakom digitala signaturer måste särskilda säkerhetsaspekter adresseras och specifika inställningar säkerställas. I signaturprocessen måste varje individ verifiera signaturen som är bifogad på dokumentet, denna verifiering skapar även en logg. En logg innehåller bland annat information om vem som verifierade dokumentet, om dokumentet har fler än en bifogad signatur, behöver dokumentet fler signaturer för att vara giltigt och vilken tid och datum var dokumentet signerat. En logg säkerställer validiteten av dokumentet och ökar därmed säkerheten för digitala signaturer. På KTH krävs en skriftlig ansökan för att påbörja ett examensarbete. Med nuvarande process kan det i vissa fall leda till en försenad projektstart med upp till två veckor. Den här studien syftar till att implementera digitala signaturer för ett specifikt formulär, en ansökningsblankett för att påbörja ett examensarbete. Hypotesen vid projektstart var att användning av digitala signaturer skulle kunna förminska väntetiden signifikant. Anställda på KTH som utnyttjar digitala signaturer skulle kunna förbättra deras arbetseffektivitet på grund av färre pappersutskrifter, mindre pappersarkivering och färre möten. Den här studien kommer att förse läsaren med de mest nödvändiga kunskaperna av kryptografi och hur digitala signaturer använder krypteringsfenomenet. Metodiken som användes syftade till att identifiera och modifiera specifika mjukvaruinställningar samt samla in data från studenter och personal på KTH. Den insamlade datan baserades på tidsmätningar av digitala signatursprocesser från studenter, studievägledare och handledare. Resultatet från studien visade att digitala signaturer skulle ge en snabbare signeringsprocess än nuvarande formulär. Det kan dessutom förväntas att med digitala signaturer skulle pappersutskrifter, papperstransporter och sortering av dessa dokument reduceras. Resultatet av minskad användning av fysiskt papper kommer att generera arbetsfördelar.
7
Blanco, Martínez Roberto. "Applications of Foundational Proof Certificates in theorem proving." Thesis, Université Paris-Saclay (ComUE), 2017. http://www.theses.fr/2017SACLX111/document.
Full textAbstract:
La confiance formelle en une propriété abstraite provient de l'existence d'une preuve de sa correction, qu'il s'agisse d'un théorème mathématique ou d'une qualité du comportement d'un logiciel ou processeur. Il existe de nombreuses définitions différentes de ce qu'est une preuve, selon par exemple qu'elle est écrite soit par des humains soit par des machines, mais ces définitions sont toutes concernées par le problème d'établir qu'un document représente en fait une preuve correcte. Le cadre des Certificats de Preuve Fondamentaux (Foundational Proof Certificates, FPC) est une approche proposée récemment pour étudier ce problème, fondée sur des progrès de la théorie de la démonstration pour définir la sémantique des formats de preuve. Les preuves ainsi définies peuvent être vérifiées indépendamment par un noyau vérificateur de confiance codé dans un langage de programmation logique. Cette thèse étend des résultats initiaux sur la certification de preuves du premier ordre en explorant plusieurs dimensions logiques essentielles, organisées en combinaisons correspondant à leur usage en pratique: d'abord, la logique classique sans points fixes, dont les preuves sont générées par des démonstrateurs automatiques de théorème; ensuite, la logique intuitionniste avec points fixes et égalité,dont les preuves sont générées par des assistants de preuve. Les certificats de preuve ne se limitent pas comme précédemment à servir de représentation des preuves complètes pour les vérifier indépendamment. Leur rôle s'étend pour englober des transformations de preuve qui peuvent enrichir ou compacter leur représentation. Ces transformations peuvent rendre des certificats plus simples opérationnellement, ce qui motive la construction d'une suite de vérificateurs de preuve de plus en plus fiables et performants. Une autre nouvelle fonction des certificats de preuve est l'écriture d'aperçus de preuve de haut niveau, qui expriment des schémas de preuve tels qu'ils sont employés dans la pratique des mathématiciens, ou dans des techniques automatiques comme le property-based testing. Ces développements s'appliquent à la certification intégrale de résultats générés par deux familles majeures de démonstrateurs automatiques de théorème, utilisant techniques de résolution et satisfaisabilité, ainsi qu'à la création de langages programmables de description de preuve pour un assistant de preuveFormal trust in an abstract property, be it a mathematical result or a quality of the behavior of a computer program or a piece of hardware, is founded on the existence of a proof of its correctness. Many different kinds of proofs are written by mathematicians or generated by theorem provers, with the common problem of ascertaining whether those claimed proofs are themselves correct. The recently proposed Foundational Proof Certificate (FPC) framework harnesses advances in proof theory to define the semantics of proof formats, which can be verified by an independent and trusted proof checking kernel written in a logic programming language. This thesis extends initial results in certification of first-order proofs in several directions. It covers various essential logical axes grouped in meaningful combinations as they occur in practice: first,classical logic without fixed points and proofs generated by automated theorem provers; later, intuitionistic logic with fixed points and equality as logical connectives and proofs generated by proof assistants. The role of proof certificates is no longer limited to representing complete proofs to enable independent checking, but is extended to model proof transformations where details can be added to or subtracted from a certificate. These transformations yield operationally simpler certificates, around which increasingly trustworthy and performant proof checkers are constructed. Another new role of proof certificates is writing high-level proof outlines, which can be used to represent standard proof patterns as written by mathematicians, as well as automated techniques like property-based testing. We apply these developments to fully certify results produced by two families of standard automated theorem provers: resolution- and satisfiability-based. Another application is the design of programmable proof description languages for a proof assistant
8
Cox, Bruce. "Applications of accuracy certificates for problems with convex structure." Diss., Georgia Institute of Technology, 2011. http://hdl.handle.net/1853/39489.
Full textAbstract:
Applications of accuracy certificates for problems with convex structure This dissertation addresses the efficient generation and potential applications of accuracy certificates in the framework of “black-box-represented” convex optimization problems - convex problems where the objective and the constraints are represented by “black boxes” which, given on input a value x of the argument, somehow (perhaps in a fashion unknown to the user) provide on output the values and the derivatives of the objective and the constraints at x. The main body of the dissertation can be split into three parts. In the first part, we provide our background --- state of the art of the theory of accuracy certificates for black-box-represented convex optimization. In the second part, we extend the toolbox of black-box-oriented convex optimization algorithms with accuracy certificates by equipping with these certificates a state-of-the-art algorithm for large-scale nonsmooth black-box-represented problems with convex structure, specifically, the Non-Euclidean Restricted Memory Level (NERML) method. In the third part, we present several novel academic applications of accuracy certificates. The dissertation is organized as follows: In Chapter 1, we motivate our research goals and present a detailed summary of our results. In Chapter 2, we outline the relevant background, specifically, describe four generic black-box-represented generic problems with convex structure (Convex Minimization, Convex-Concave Saddle Point, Convex Nash Equilibrium, and Variational Inequality with Monotone Operator), and outline the existing theory of accuracy certificates for these problems. In Chapter 3, we develop techniques for equipping with on-line accuracy certificates the state-of-the-art NERML algorithm for large-scale nonsmooth problems with convex structure, both in the cases when the domain of the problem is a simple solid and in the case when the domain is given by Separation oracle. In Chapter 4, we develop several novel academic applications of accuracy certificates, primarily to (a) efficient certifying emptiness of the intersection of finitely many solids given by Separation oracles, and (b) building efficient algorithms for convex minimization over solids given by Linear Optimization oracles (both precise and approximate). In Chapter 5, we apply accuracy certificates to efficient decomposition of “well structured” convex-concave saddle point problems, with applications to computationally attractive decomposition of a large-scale LP program with the constraint matrix which becomes block-diagonal after eliminating a relatively small number of possibly dense columns (corresponding to “linking variables”) and possibly dense rows (corresponding to “linking constraints”).
9
Soják, Zbyněk. "Certifikační postupy pro experimentální letouny." Master's thesis, Vysoké učení technické v Brně. Fakulta strojního inženýrství, 2008. http://www.nusl.cz/ntk/nusl-228076.
Full textAbstract:
Work includes certification procedures for experimental aeroplanes. Producer must answer individual work for right procedure certification. Office UCL give works and control production procedure aeroplane. Stationery (applications, confirmation, tec.) are part of work and is need make and feed. Part of work is VUT 001 MARABU and technical characteristics aeroplane.
10
Hagström, Åsa. "Understanding Certificate Revocation." Licentiate thesis, Linköping University, Linköping University, Department of Electrical Engineering, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-5477.
Full textAbstract:
Correct certificate revocation practices are essential to each public-key infrastructure. While there exist a number of protocols to achieve revocation in PKI systems, there has been very little work on the theory behind it: Which different types of revocation can be identified? What is the intended effect of a specific revocation type to the knowledge base of each entity?
As a first step towards a methodology for the development of reliable models, we present a graph-based formalism for specification and reasoning about the distribution and revocation of public keys and certificates. The model is an abstract generalization of existing PKIs and distributed in nature; each entity can issue certificates for public keys that they have confidence in, and distribute or revoke these to and from other entities.
Each entity has its own public-key base and can derive new knowledge by combining this knowledge with certificates signed with known keys. Each statement that is deduced or quoted within the system derives its support from original knowledge formed outside the system. When such original knowledge is removed, all statements that depended upon it are removed as well. Cyclic support is avoided through the use of support sets.
We define different revocation reasons and show how they can be modelled as specific actions. Revocation by removal, by inactivation, and by negation are all included. By policy, negative statements are the strongest, and positive are the weakest. Collisions are avoided by removing the weaker statement and, when necessary, its support.
Graph transformation rules are the chosen formalism. Rules are either interactive changes that can be applied by entities, or automatically applied deductions that keep the system sound and complete after the application of an interactive rule.
We show that the proposed model is sound and complete with respect to our definition of a valid state.
Report code: LIU-TEK-LIC-2006:1
11
Hagström, Åsa. "Understanding certificate revocation /." Linköping : Department of Electrical Engineering, Linköpings universitet, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-5477.
Full text
12
Boinapally, Kashyap. "Security Certificate Renewal Management." Thesis, Blekinge Tekniska Högskola, Institutionen för datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-18453.
Full textAbstract:
Context. An SSL encrypted client-server communication is necessary to maintain the security and privacy of the communication. For an SSL encryption to work, there should be a security certificate which has a certain expiry period. Periodic renewal of the certificate after its expiry is a waste of time and an effort on part of the company. Objectives. In this study, a new system has been developed and implemented, which sends a certificate during prior communication and does not wait for the certificate to expire. Automating the process to a certain extent was done to not compromise the security of the system and to speed up the process and reduce the downtime. Methods. Experiments have been conducted to test the new system and compare it to the old system. The experiments were conducted to analyze the packets and the downtime occurring from certificate renewal. Results. The results of the experiments show that there is a significant reduction in downtime. This was achieved due to the implementation of the new system and semi-automation Conclusions. The system has been implemented, and it greatly reduces the downtime occurring due to the expiry of the security certificates. Semi-Automation has been done to not hamper the security and make the system robust.
13
Batarfi, Omar Abdullah. "Certificate validation in untrusted domains." Thesis, University of Newcastle Upon Tyne, 2007. http://hdl.handle.net/10443/1983.
Full textAbstract:
Authentication is a vital part of establishing secure, online transactions and Public key Infrastructure (PKI) plays a crucial role in this process for a relying party. A PKI certificate provides proof of identity for a subject and it inherits its trustworthiness from the fact that its issuer is a known (trusted) Certification Authority (CA) that vouches for the binding between a public key and a subject's identity. Certificate Policies (CPs) are the regulations recognized by PKI participants and they are used as a basis for the evaluation of the trust embodied in PKI certificates. However, CPs are written in natural language which can lead to ambiguities, spelling errors, and a lack of consistency when describing the policies. This makes it difficult to perform comparison between different CPs. This thesis offers a solution to the problems that arise when there is not a trusted CA to vouch for the trust embodied in a certificate. With the worldwide, increasing number of online transactions over Internet, it has highly desirable to find a method for authenticating subjects in untrusted domains. The process of formalisation for CPs described in this thesis allows their semantics to be described. The formalisation relies on the XML language for describing the structure of the CP and the formalization process passes through three stages with the outcome of the last stage being 27 applicable criteria. These criteria become a tool assisting a relying party to decide the level of trust that he/she can place on a subject certificate. The criteria are applied to the CP of the issuer of the subject certificate. To test their validity, the criteria developed have been examined against the UNCITRAL Model Law for Electronic Signatures and they are able to handle the articles of the UNCITRAL law. Finally, a case study is conducted in order to show the applicability of the criteria. A real CPs have been used to prove their applicability and convergence. This shows that the criteria can handle the correspondence activities defined in a real CPs adequately.
14
Robertson, Laura. "STEM K-12 Education Certificate." Digital Commons @ East Tennessee State University, 2018. https://dc.etsu.edu/etsu-works/3241.
Full text
15
Wu, Brian C. "An Identity and Certificate Manager." Thesis, Massachusetts Institute of Technology, 2007. http://hdl.handle.net/1721.1/46461.
Full textAbstract:
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2007.Includes bibliographical references (p. 97-98).
We have designed and implemented a software library, called Identity and Certificate Manager (ICM), for managing, using, and exchanging application-level usernames, users' digital certificates, and cryptographic username-certificate bindings. ICM can be used in a variety of personal communication applications, such as chat, email, VoIP telephony, and web browsing. As part of ICM, we designed and implemented a communication-efficient protocol, called Identity and Certificate Exchange (ICE), for exchanging certificates, usernames, and bindings within applications. The protocol avoids sending redundant information by remembering what information has been sent to whom; this feature is critical in low-bandwidth networks. The protocol also implements a robust fail-over mechanism for handling out-of-sync situations. To illustrate the benefits of ICM and ICE, we used ICM in a plugin for a popular chat-client, called Pidgin. The plugin allows users to engage in authenticated communication over any of the chat protocols supported by Pidgin, such as Jabber and Oscar (AIM). The plugin relies on ICE to provide assurances about users' identities and to efficiently disseminate users' certificates.
by Brian C. Wu.
M.Eng.
16
Najahi, Mohamed amine. "Synthesis of certified programs in fixed-point arithmetic, and its application to linear algebra basic blocks : and its application to linear algebra basic blocks." Thesis, Perpignan, 2014. http://www.theses.fr/2014PERP1212.
Full textAbstract:
Pour réduire les coûts des systèmes embarqués, ces derniers sont livrés avec des micro-processeurs peu puissants. Ces processeurs sont dédiés à l'exécution de tâches calculatoires dont certaines, comme la transformée de Fourier rapide, peuvent s'avérer exigeantes en termes de ressources de calcul. Afin que les implémentations de ces algorithmes soient efficaces, les programmeurs utilisent l'arithmétique à virgule fixe qui est plus adaptée aux processeurs dépourvus d'unité flottante. Cependant, ils se retrouvent confrontés à deux difficultés: D'abord, coder en virgule fixe est fastidieux et exige que le programmeur gère tous les détails arithmétiques. Ensuite, et en raison de la faible dynamique des nombres à virgule fixe par rapport aux nombres flottants, les calculs en fixe sont souvent perçus comme intrinsèquement peu précis. La première partie de cette thèse propose une méthodologie pour dépasser ces deux limitations. Elle montre comment concevoir et mettre en œuvre des outils pour générer automatiquement des programmes en virgule fixe. Ensuite, afin de rassurer l'utilisateur quant à la qualité numérique des codes synthétisés, des certificats sont générés qui fournissent des bornes sur les erreurs d'arrondi. La deuxième partie de cette thèse est dédiée à l'étude des compromis lors de la génération de programmes en virgule fixe pour les briques d'algèbre linéaire. Des données expérimentales y sont fournies sur la synthèse de code pour la multiplication et l'inversion matriciellesTo be cost effective, embedded systems are shipped with low-end micro-processors. These processors are dedicated to one or few tasks that are highly demanding on computational resources. Examples of widely deployed tasks include the fast Fourier transform, convolutions, and digital filters. For these tasks to run efficiently, embedded systems programmers favor fixed-point arithmetic over the standardized and costly floating-point arithmetic. However, they are faced with two difficulties: First, writing fixed-point codes is tedious and requires that the programmer must be in charge of every arithmetical detail. Second, because of the low dynamic range of fixed-point numbers compared to floating-point numbers, there is a persistent belief that fixed-point computations are inherently inaccurate. The first part of this thesis addresses these two limitations as follows: It shows how to design and implement tools to automatically synthesize fixed-point programs. Next, to strengthen the user's confidence in the synthesized codes, analytic methods are suggested to generate certificates. These certificates can be checked using a formal verification tool, and assert that the rounding errors of the generated codes are indeed below a given threshold. The second part of the thesis is a study of the trade-offs involved when generating fixed-point code for linear algebra basic blocks. It gives experimental data on fixed-point synthesis for matrix multiplication and matrix inversion through Cholesky decomposition
17
Dickinson, Luke Austin. "Certificate Revocation Table: Leveraging Locality of Reference in Web Requests to Improve TLS Certificate Revocation." BYU ScholarsArchive, 2018. https://scholarsarchive.byu.edu/etd/7010.
Full textAbstract:
X.509 certificate revocation defends against man-in-the-middle attacks involving a compromised certificate. Certificate revocation strategies face scalability, effectiveness, and deployment challenges as HTTPS adoption rates have soared. We propose Certificate Revocation Table (CRT), a new revocation strategy that is competitive with or exceeds alternative state-of-the-art solutions in effectiveness, efficiency, certificate growth scalability, mass revocation event scalability, revocation timeliness, privacy, and deployment requirements. The CRT periodically checks the revocation status of X.509 certificates recently used by an organization, such as clients on a university's private network. By prechecking the revocation status of each certificate the client is likely to use, the client can avoid the security problems of on-demand certificate revocation checking. To validate both the effectiveness and efficiency of using a CRT, we used 60 days of TLS traffic logs from Brigham Young University to measure the effects of actively refreshing certificates for various certificate working set window lengths. Using a certificate working set window size of 45 days, an average of 99.86% of the TLS handshakes from BYU would have revocation information cached in advance using our approach. Revocation status information can be initially downloaded by clients with a 6.7 MB file and then subsequently updated using only 205.1 KB of bandwidth daily. Updates to this CRT that only include revoked certificates require just 215 bytes of bandwidth per day.
18
Baïz, Adam. "De l’innovation des instruments de politique publique : développement d'une méthode de conception combinatoire autour d'un langage algorithmique et application au dispositif des certificats d’économie d’énergie." Thesis, Paris Sciences et Lettres (ComUE), 2018. http://www.theses.fr/2018PSLEM053/document.
Full textAbstract:
En dépit de ses diverses caractérisations, la nature innovante des instruments de politique publique semble consacrer trois types d’innovation : (a) soit, des imitations, à un glissement de modalités près, d’instruments préexistants ; (b) soit des hybridations d’instruments plus ou moins contraignants ; (c) soit des assemblages d’instruments de nature méta-instrumentale. En admettant alors que tous les instruments découlent les uns des autres par le biais de ces trois chemins de conception, nous avons cherché à produire une méthode de conception fondant concomitamment, et autour d’un même modèle-objet, une capacité d’identification ex post des instruments innovants et une capacité ex ante d’innovation.Au terme d’une démarche de recherche-intervention, nous avons convenu de définir les instruments comme autant de chaînes de causalité préfigurées de l’action collective, et avons formulé un langage algorithmique autour d’un certain nombre d’éléments - des acteurs, des actions, des événements, des opérateurs logiques et des vecteurs d’impact – afin de les caractériser de façon ostensive. En consacrant une méthode d’évaluation de la nouveauté et de l’effectivité instrumentales, nous avons dès lors pu établir qu’un instrument est innovant s’il constitue une nouvelle chaîne de causalité opérant effectivement dans la réalité technico-sociale. De façon corollaire, innover un instrument revient alors à dessiner une nouvelle chaîne de causalité, ou à modifier les acteurs et les actions qui la composent.Afin d’illustrer et d’éprouver cette méthode de conception que nous qualifions de combinatoire, nous avons enfin cherché à interroger le caractère innovant du dispositif des certificats d’économie (CEE) et ce, en proposant un protocole d'évaluation et en formulant diverses pistes d'innovationAlthough it is diversely characterized, the innovative nature of instruments seems to follow three types of innovation: (a) imitations of existing instruments; (b) hybridizations of more or less coercive instruments; (c) or meta-conglomerations of instruments. After admitting that all instruments originate from one another through these three innovation paths and a unique object model, we tried to provide a new design method that would both enable the identification of innovative instruments and their design.Within the frame of intervention research, we agreed to define an instrument as a specific intended causal chain of public action, and formulated an algorithmic language along some instrumental elements (actors, actions, events, logical operators and impact vectors) in order to characterize instruments in an ostensive way. After developing a method to evaluate the newness and the effectivity of any instrument, we could more precisely define an innovative instrument as a new causal chain that is effectively implemented in the technical and social reality. As a corollary, innovating an instrument consists in designing a new causal chain, or modifying the actors and actions in it.Eventually, and in order to apply and test what we called a combinatory design method, we chose to question the innovative nature of the Energy Savings Certificates scheme (ESC). For this purpose, we elaborated an evaluation protocol and formulated several possible lines of innovation
19
Zhu, Lianyi. "DCMS, a digital certificate management system." Thesis, National Library of Canada = Bibliothèque nationale du Canada, 1998. http://www.collectionscanada.ca/obj/s4/f2/dsk2/ftp01/MQ35863.pdf.
Full text
20
Robertson, Laura, Ryan Andrew Nivens, W. Courtney, A. Fissel, and D. O'Neal. "ETSU STEM K-12 Education Certificate." Digital Commons @ East Tennessee State University, 2017. https://dc.etsu.edu/etsu-works/2643.
Full text
21
Ellgren, Robin, and Tobias Löfgren. "Distributed Client Driven Certificate Transparency Log." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-148693.
Full textAbstract:
High profile cyber attacks such as the one on DigiNotar in 2011, where a Certificate Authority (CA) was compromised, has shed light on the vulnerabilities of the internet. In order to make the internet safer in terms of exposing fraudulent certificates, CertificateTransparency (CT) was introduced. The main idea is to append all certificates to a publicly visible log, which anyone can monitor to check for suspicious activity. Although this is a great initiative for needing to rely less on CAs, the logs are still centralized and run by large companies. Therefore, in this thesis, in order to make the logs more available and scalable, we investigate the idea of a distributed client driven CT log via peer-to-peer (P2P) and WebRTC technology that runs in the background of the user’s browser. We show that such a system is indeed implementable, but with limited scalability. We also show that such a system would provide better availability while keeping the integrity of CT by implementing an append only feature, enforced by the Merkle Tree structure.
22
Gustafsson, Josef. "Certificate Transparency in Theory and Practice." Thesis, Linköpings universitet, Databas och informationsteknik, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-125855.
Full textAbstract:
Certificate Transparency provides auditability to the widely used X.509 Public Key Infrastructure (PKIX) authentication in Transport Layer Security (TLS) protocol. Transparency logs issue signed promises of inclusions to be used together with certificates for authentication of TLS servers. Google Chrome enforces the use of Certificate Transparency for validation of Extended Validation (EV) certificates. This thesis proposes a methodology for asserting correct operation and presents a survey of active Logs. An experimental Monitor has been implemented as part of the thesis. Varying Log usage patterns and metadata about Log operation are presented, and Logs are categorized based on characteristics and usage. A case of mis-issuance by Symantec is presented to show the effectiveness of Certificate Transparency.
23
Macdonell, James Patrick. "MiniCA: A web-based certificate authority." CSUSB ScholarWorks, 2007. https://scholarworks.lib.csusb.edu/etd-project/3256.
Full textAbstract:
The MiniCA project is proposed and developed to address growing demand for inexpensive access to security features such as privacy, strong authentication, and digital signatures. These features are integral to public-key encryption technologies. The audience for whom the software project is intended includes, technical staff requiring certificates for use in SSL applications (i.e. a secure web-site) at California State University, San Bernardino.
24
Sjöström, Linus, and Carl Nykvist. "How Certificate Transparency Impact the Performance." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-140838.
Full textAbstract:
Security on the Internet is essential to ensure the privacy of an individual. Today, Trans- port Layer Security (TLS) and certificates are used to ensure this. But certificates are not enough in order to maintain confidentiality and therefore a new concept, Certificate Trans- parency (CT), has been introduced. CT improves security by allowing the analysis of sus- picious certificates. Validation by CT uses public logs that can return Signed Certificate Timestamp (SCT), which is a promise returned by the log indicating that the certificate will be added to the log. A server may then deliver the SCT to a client in three different ways: X.509v3 extension, Online Certificate Status Protocol (OSCP) stapling and TLS extension. For further analysis, we have created a tool to collect data during TLS handshakes and data transfer, including byte information, the certificates themselves, SCT delivery method and especially timing information. From our dataset we see that most websites do not use CT and the ones that use CT almost only use X.509 extension to send their SCTs.
25
Bruhner, Carl Magnus, and Oscar Linnarsson. "Relay Racing with X.509 Mayflies : An Analysis of Certificate Replacements and Validity Periods in HTTPS Certificate Logs." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-167063.
Full textAbstract:
Certificates are the foundation of secure communication over the internet as of today. While certificates can be issued with long validity periods, there is always a risk of having them compromised during their lifetime. A good practice is therefore to use shorter validity periods. However, this limits the certificate lifetime and gives less flexibility in the timing of certificate replacements. In this thesis, we use publicly available network logs from Rapid7's Project Sonar to provide an overview of the current state of certificate usage behavior. Specifically, we look at the Let's Encrypt mass revocation event in March 2020, where millions of certificates were revoked with just five days notice. In general, we show how this kind of datasets can be used, and as a deeper exploration we analyze certificate validity, lifetime and use of certificates with overlapping validity periods, as well as discuss how our findings relate to industry standard and current security trends. Specifically, we isolate automated certificate services such as Let's Encrypt and cPanel to see how their certificates differ in characteristics from other certificates in general. Based on our findings, we propose a set of rules to help improve the trust in certificate usage and strengthen security online, introducing an Always secure policy aligning certificate validity with revocation time limits in order to replace revocation requirements and overcoming the fact that mobile devices today ignore this very important security feature. To round things off, we provide some ideas for further research based on our findings and what we see possible with datasets such as the one researched in this thesis.
26
Muñoz, Tapia José L. (José Luis). "Desing and Evaluation of Certificate Revocation Systems." Doctoral thesis, Universitat Politècnica de Catalunya, 2003. http://hdl.handle.net/10803/7031.
Full textAbstract:
Este trabajo presenta tanto el estado del arte como un análisis de los principales sistemas de revocación de certificados digitales. El hecho de comprender bien el mecanismo de revocación de un certificado es importante tanto para los proveedores de servicios PKI como para los usuarios finales de la PKI: una mejor comprensión de las complejidades del sistema de revocación permite a estas entidades mejorar su proceso de decisión a la hora de aceptar o rechazar un certificado teniendo en cuenta la gran cantidad de variables inherentes en los sistemas de revocación. La revocación de certificados se presenta como uno de los problemas más complejos a resolver en toda la PKI. Por tanto este aspecto se está convirtiendo en un punto crucial para el amplio desarrollo de las PKIs. Hay estudios que incluso argumentan que los costes de la PKI derivan en gran medida de la administración de la revocación.
Esto nos ha motivado para desarrollar nuevas propuestas. En este sentido, hemos desarrollado tres propuestas: H-OCSP (propuesta de mejora basada en el estándar OCSP), AD-MHT (propuesta basada en los árboles de hash de Merkle) y E-MHT (propuesta que aglutina varios mecanismos que permiten mejorar la eficiencia de los sistemas tradicionales basados en el árbol de hash de Merkle).
Las propuestas que se plantean en esta tesis no son solo un conjunto de mecanismos teóricos sino que son también sistemas prácticos que han sido implementados como parte de una plataforma de pruebas llamada Cervantes. El diseño de Cervantes permite además encajar cualquier otro tipo de sistema de revocación sin cambios significativos en la estructura o el código fuente de la plataforma. En particular, en esta tesis se detalla como se han implementado los dos grandes estándares de revocación: CRL y OCSP y como se han implementado las propuestas realizadas.
Finalmente utilizando Cervantes se pueden observar resultados de rendimiento para todos los sistemas estudiados y en particular nuestras propuestas han demostrado finalmente ser más escalables y eficientes en tratamiento de la información de revocación que las propuestas anteriores.
Certificates are necessary but not sufficient to secure transactions between parties. The Public Key Infrastructure (PKI) has to provide its users the ability to check, at the time of usage, that certificates are still valid (not revoked). So understanding revocation is an important concern to both PKI service providers and end users. By a better understanding of the complexities of certificate revocation, certificate-using entities can improve their decision-making process in order to accept or reject a certain certificate. In this sense, this thesis presents a comprehensive survey and analysis of the main existing revocation schemes. Furthermore, the certificate revocation represents one of the hardest scalability problems of the whole PKI; so this aspect is getting more and more crucial with the development of wide spread PKIs. There are studies that even argue that the running expenses of a PKI derives mainly from administering revocation. This motivate us to propose scalable, timely, secure, and cost-effective systems to manage the revocation information. In this respect, we have three new proposals: H-OCSP (which is a modification over the standard OCSP), AD-MHT (which is based on the Merkle Hash Tree) and E-MHT (which agglutinates several mechanisms that enhance the efficiency of traditional MHT-based systems). Our proposals are not only a set of theoretical mechanisms but they are also practical systems that have been implemented inside a Java test-bed called Cervantes (Certificate Validation Test-bed). The design of Cervantes allows it to fit any kind of revocation system without significative changes in the structure or the source code of the platform. Finally using Cervantes we are able to obtain performance results about each system developed.
27
Robertson, Laura, Ryan Andrew Nivens, W. Courtney, and A. Fissel. "STEM K-12 Education Certificate at ETSU." Digital Commons @ East Tennessee State University, 2017. https://dc.etsu.edu/etsu-works/1315.
Full text
28
Elien, Jean-Emile 1974. "Certificate discovery using SPKI/SDSI 2.0 certificates." Thesis, Massachusetts Institute of Technology, 1998. http://hdl.handle.net/1721.1/47610.
Full textAbstract:
Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1998.Includes bibliographical references (leaves 67-68).
by Jean-Emile Elien.
M.Eng.
29
Amoozadeh, Mani. "Certificate Revocation List Distribution in Vehicular Communication Systems." Thesis, KTH, Kommunikationsnät, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-119818.
Full textAbstract:
Message exchange in VANETs should be secured. Researchers have designed many methods to meet this goal. One of the ways agreed upon by most researchers, is through the use of a public-key infrastructure (PKI). An important part of any PKI system is certificate revocation. The revocation is usually done by periodically issuing a Certificate Revocation List (CRL) by the Certification Authority (CA). After the creation of a CRL by CA, the CRL should be distributed in the VC system. The important question is how we can distribute the CRL efficiently and in a timely manner throughout the system in a way that all vehicles receive a genuine copy of it. A couple of researches considered CRL distribution in the past and proposed different methods like RSU-only [1], C2C Epidemic [2], and Most Pieces Broadcast (MPB) [3]. We implement the aforementioned CRL distribution methods and evaluate them using a common framework. With this approach, we can compare these methods accurately and point out the limitations of each. Due to the fact that C2C Epidemic did not provide any packet-level implementation, we propose an implementation for it. We also propose a new method for CRL distribution called ICE (Intelligent CRL Exchange). This method uses V2V and I2V communication to distribute the CRL pieces to vehicles. ICE is an enhanced version of the MPB method and it uses semi-incremental CRL exchange. With this approach, the number of duplicate received pieces decreases in comparison to the MPB method. Moreover, ICE uses a simple approach to decrease the number of unnecessary broadcasts by RSUs. The evaluation is done through simulations. OMNET++ [4] and the MiXiM framework are used for detailed packet-level simulation. The simulation is done for both small and large scale scenarios. For the large scale simulation, we use SUMO [5] to generate mobility traces of vehicle nodes. Different criteria are defined so that we can compare CRL distribution methods. According to the simulation results, vehicles in C2C Epidemic, MPB and ICE receive all the required CRL pieces in less time in comparison to RSU-only, because vehicles use both I2V and V2V communications. MPB shows a better performance than C2C Epidemic, but the number of duplicate received pieces increases substantially. ICE tries to alleviate this by incorporating semi-incremental CRL exchange. Furthermore, the number of broadcasts by RSUs in the ICE method shows reduction.
30
Guibert, Remy L. "Death certificate coding variation and coronary heart disease." Thesis, McGill University, 1987. http://digitool.Library.McGill.CA:80/R/?func=dbin-jump-full&object_id=66229.
Full text
31
Specter, Michael Alan. "The economics of cryptographic trust : understanding certificate authorities." Thesis, Massachusetts Institute of Technology, 2016. http://hdl.handle.net/1721.1/104028.
Full textAbstract:
Thesis: S.M. in Technology and Policy, Massachusetts Institute of Technology, Institute for Data, Systems, and Society, Technology and Policy Program, 2016.Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2016.
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 71-75).
Certificate Authorities (CAs) play a crucial role in HTTPS, the mechanism that secures all of the web's most important communication; if it has a log-in page, it must use HTTPS. However, recent history is littered with instances of CAs unabashedly undermining the trust model of the web in favor of economic gain, causing catastrophic harm to users in the process. The purpose of this thesis is to understand how well user, domain owner, and browser vendor controls function in order to evaluate methods of realigning CA incentives. Using a compendium of past incidents of CA failure as a series of natural experiments, along with a large dataset of all publicly available certificate collections, we find that it is possible to causally link a very slight increase in domain owners leaving a CA when a CA acts inappropriately. We further find that the technical architecture of the CA system leaves users without effective control over which CAs they trust, and that browsers face certain difficulty in distrusting larger CAs. The end result is a system where large CAs can unilaterally undermine the trust model of the web without clear repercussion.
by Michael Alan Specter.
S.M. in Technology and Policy
S.M.
32
Yu, Suhyoun. "Simple certificate for power distribution network security assessment." Thesis, Massachusetts Institute of Technology, 2017. http://hdl.handle.net/1721.1/113748.
Full textAbstract:
Thesis: S.M., Massachusetts Institute of Technology, Department of Mechanical Engineering, 2017.Cataloged from PDF version of thesis.
Includes bibliographical references (pages 53-54).
The integration of volatile renewable energy sources, non-traditional load managements, and unforeseen natural disasters introduce uncertainties that could easily jeopardize the security of power systems. Meanwhile, constructing the real solvable boundary-crucial for contingency analysis, security assessment, and planning network processes-in multidimensional parameter space is burdensome and time consuming; hence there is an urgent need for a tool to identify the security region, or the set of viable injections. This thesis presents fast and reliable inner approximation techniques for solvable boundaries of power distribution systems based on Banach fixed point theorem and Kantorovich theorem. The novel method is in a simple "certificate" form-a single lined inequality condition that involves the system variables and parameters. Our certificate is noniterative, therefore computationally efficient, and the simulation results confirm that the presented approach constructs regions that are sufficiently large for most security-constrained functions. The construction for our "certificates" begins with re-formulating power-flow equations into appropriate forms such that they are applicable to the aforementioned two major theorems. Practical applications of the proposed technique include fast screening tool for feasible injection change, certified solvability margins, and new computationally robust continuation power flow algorithms.
by Suhyoun Yu.
S.M.
33
Martin, M. Troy. "Student Retention and Persistence in Certificate-First Programs." BYU ScholarsArchive, 2021. https://scholarsarchive.byu.edu/etd/9232.
Full textAbstract:
This research explores the effect that earning professional certificates has on student confidence, motivation, and persistence. For this study, the focus is the student motivation and persistence of nontraditional students who seek to earn a bachelor's degree despite considerable obstacles and challenges. Specifically, this study evaluates the matriculation rates between two cohorts of students who participated in the online PathwayConnect program. The first cohort was encouraged to complete the program and apply for an online bachelor's degree program at BYU-Idaho. The second cohort was also encouraged to apply to an online program, but only after earning a professional certificate in their desired focus of study. The study found that matriculation rates for students who earned a certificate increased over those who followed a traditional path. The research suggests that earning a certificate provided a lift in student confidence and motivation as the significant contributing factors to the positive change.
34
Dahlberg, Rasmus. "Aggregating Certificate Transparency Gossip Using Programmable Packet Processors." Thesis, Karlstads universitet, Institutionen för matematik och datavetenskap (from 2013), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-65977.
Full textAbstract:
Certificate Transparency (CT) logs are append-only tamper-evident data structures that can be verified by anyone. For example, it is possible to challenge a log to prove certificate inclusion (membership) and log consistency (append-only, no tampering) based on partial information. While these properties can convince an entity that a certificate is logged and not suddenly removed in the future, there is no guarantee that anyone else observes the same consistent view. To solve this issue a few gossip protocols have been proposed, each with different quirks, benefits, assumptions, and goals. We explore CT gossip below the application layer, finding that packet processors such as switches, routers, and middleboxes can aggregate gossip passively or actively to achieve herd immunity: (in)direct protection against undetectable log misbehaviour. Throughout the thesis we describe, instantiate, and discuss passive aggregation of gossip messages for a restricted data plane programming language: P4. The concept of active aggregation is also introduced. We conclude that (i) aggregation is independent of higher-level transparency applications and infrastructures, (ii) it appears most prominent to aggregate Signed Tree Heads (STHs) in terms of privacy and scalability, and (iii) passive aggregation can be a long-term solution if the CT ecosystem adapts. In other words, not all sources of gossip must be encrypted to preserve privacy.HITS, 4707
35
Almoaber, Basmah. "Bootstrapping Trust Evaluation Using a Trust Certificate Model." Thesis, Université d'Ottawa / University of Ottawa, 2015. http://hdl.handle.net/10393/32141.
Full textAbstract:
Trust plays a vital role in the decision to initiate any interaction. Rational agents may use past experiences and other agents’ opinions to decide to trust, but due to the nature of open multi-agent systems, where agents can dynamically join and leave the system at any time, agents may find themselves dealing with complete strangers whom neither they nor their friends have encountered before. This situation forces the agents to choose partners randomly, which significantly increases the risk of encountering unreliable agents. For instance, service requesters may become reluctant to initiate communication with newly-joined service providers. And when the newcomers are service requesters, who are willing to exploit the environment, service providers may also hesitate to start any connection with them. As a result, newcomers are excluded from the competition and old agents lose the possibility of interacting with better agents. In this thesis, we address that issue by creating a Trust Certificate (TC) model in which each agent is equipped with a certificate that works as a reference by providing information about its holder. The information is obtained and stored by the agent itself and is available to other agents who request it to evaluate the holder’s trustworthiness for a potential interaction. The stored information is about the agent’s role in the society and its performance in past interactions. The TC model allows agents to retrieve reputation information and make initial trust evaluations when evidence is unavailable. It also helps agents to avoid the need to make random partner selection due to the information scarcity. We show how this model enhances the interaction process between agents by evaluating it in the context of a simulated multi-agent system.
36
Bergström, Anna, and Emily Berghäll. "Public certificate management : An analysis of policies and practices used by CAs." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-177148.
Full textAbstract:
Certificate Authorities (CAs) carry a huge responsibility in today's internet security landscape as they issue certificates that establish secure end-to-end connections. This thesis conducts a policy review and survey of CAs' Certificate Policies and Certificate Practice Statements to find similarities and differences that could lead to possible vulnerabilities. Based on this, the thesis then presents a taxonomy-based analysis as well as comparisons of the top CAs to the Baseline Requirements. The main areas of the policies that were focused on are the issuance, revocation and expiration practices of the top 30 CAs as determined by the use of Tranco's list. We also determine the top CA groups, meaning the CAs whose policies are being used by the most other CAs as well as including a top 100 CAs list. The study suggests that the most popular CAs hold such a position because of two main reasons: they are easy to acquire and/or because they are connected to several other CAs. The results suggest that some of the biggest vulnerabilities in the policies are what the CAs do not mention in any section as it puts the CA at risk for vulnerabilities. The results also suggest that the most dangerous attacks are social engineering attacks, as some of the stipulations for issuance and revocations make it possible to pretend to be the entity of subscribes to the certificate rather than a malicious one.
37
Nowatkowski, Michael E. "Certificate revocation list distribution in vehicular ad hoc networks." Diss., Georgia Institute of Technology, 2010. http://hdl.handle.net/1853/33971.
Full textAbstract:
The objective of this research is to investigate improved methods for distributing certificate revocation lists (CRLs) in vehicular ad hoc networks (VANETs). VANETs are a subset of mobile ad hoc networks composed of network-equipped vehicles and infrastructure points, which will allow vehicles to communicate with other vehicles and with roadside infrastructure points. While sharing some of the same limitations of mobile ad hoc networks, such as lack of infrastructure and limited communications range, VANETs have several dissimilarities that make them a much different research area. The main differences include the size of the network, the speed of the vehicles, and the network security concerns. Confidentiality, authenticity, integrity, and availability are some of the standard goals of network security. While confidentiality and authenticity at times seem in opposition to each other, VANET researchers have developed many methods for enhancing confidentiality while at the same time providing authenticity. The method agreed upon for confidentiality and authenticity by most researchers and the IEEE 1609 working group is a public key infrastructure (PKI) system. An important part of any PKI system is the revocation of certificates. The revocation process, as well as the distribution of revocation information, is an open research problem for VANETs. This research develops new methods of CRL distribution and compares them to existing methods proposed by other researchers. The new methods show improved performance in various vehicle traffic densities.
38
Samuelsson, Mathias. "DANE with OpenSSL : PKIX certificate authentication throughDNS using OpenSSL." Thesis, Uppsala universitet, Institutionen för informationsteknologi, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-176749.
Full textAbstract:
Background X.509 is an ITU standard for a public key infrastructure (PKI), which specifies, among other things, formats for public key certificates, certificate requests, certificate revocation lists and certification path validation algorithm. The X.509 standard was primarily designed to support the X.500 structure. However, today’s use cases centre mostly on the Internet. IETF’s Public-Key Infrastructure (X.509) working group has adapted the standard to the requirements and structure of the Internet. RFC 5280 specifies the PKIX Certificate and CRL Profile of the X.509v3 certificate standard. PKIX certificates are used for validating the identity or identities of the communicating parties, and optionally establishing secure keying material for protection of a message or a communications channel. Authentication and establishment of a secure communications channel on top of TCP with the Transport Layer Security protocol (TLS, RFC 5247) or the Secure Sockets Layer protocol (SSL) is probably the most common application of PKIX on the Internet. The IETF is converging on a standard for integration of X.509 Public Key Infrastructure with DNS and DNSSEC (DANE). In order to reach wide adoption, the concept must be validated through interoperability tests between multiple independent implementations. Results An implementation of the DANE standard has been demonstrated through an extension to the OpenSSL library. All use cases in the DANE standard has been validated to work as documented in the standard. Conclusions The DANE standard is implementable and reaches the results it sets out to achieve.
39
Bedford, Ronald L. Field R. William. "Utility of death certificate data in predicting cancer incidence." [Iowa City, Iowa] : University of Iowa, 2009. http://ir.uiowa.edu/etd/336.
Full text
40
Hernández, Gañán Carlos. "Certificate status information distribution and validation in vehicular networks." Doctoral thesis, Universitat Politècnica de Catalunya, 2013. http://hdl.handle.net/10803/286193.
Full textAbstract:
Vehicular ad hoc networks (VANETs) are emerging as an functional technology for providing a wide range of applications to vehicles and passengers. Ensuring secure functioning is one of the prerequisites for deploying reliable VANETs. The basic solution envisioned to achieve these requirements is to use digital certificates linked to a user by a trusted third party. These certificates can then be used to sign information. Most of the existing solutions manage these certificates by means of a central Certification Authority (CA). According to IEEE 1609.2 standard, vehicular networks will rely on the public key infrastructure (PKI). In PKI, a CA issues an authentic digital certificate for each node in the network. Therefore, an efficient certificate management is crucial for the robust and reliable operation of any PKI. A critical part of any certificate-management scheme is the revocation of certificates. The distribution of certificate status information process, as well as the revocation process itself, is an open research problem for VANETs.In this thesis, firstly we analyze the revocation process itself and develop an accurate and rigorous model for certificate revocation. One of the key findings of our analysis is that the certificate revocation process is statistically self-similar. As none of the currently common formal models for revocation is able to capture the self-similar nature of real revocation data, we develop an ARFIMA model that recreates this pattern. We show that traditional mechanisms that aim to scale could benefit from this model to improve their updating strategies.Secondly, we analyze how to deploy a certificate status checking service for mobile networks and we propose a new criterion based on a risk metric to evaluate cached status data. With this metric, the PKI is able to code information about the revocation process in the standard certificate revocation lists. Thus, users can evaluate a risk function in order to estimate whether a certificate has been revoked while there is no connection to a status checking server. Moreover, we also propose a systematic methodology to build a fuzzy system that assists users in the decision making process related to certificate status checking.Thirdly, we propose two novel mechanisms for distributing and validating certificate status information (CSI) in VANET. This first mechanism is a collaborative certificate status checking mechanism based on the use based on an extended-CRL. The main advantage of this extended-CRL is that the road-side units and repository vehicles can build an efficient structure based on an authenticated hash tree to respond to status checking requests inside the VANET, saving time and bandwidth. The second mechanism aims to optimize the trade- off between the bandwidth necessary to download the CSI and the freshness of the CSI. This mechanism is based on the use of a hybrid delta-CRL scheme and Merkle hash trees, so that the risk of operating with unknown revoked certificates remains below a threshold during the validity interval of the base-CRL, and CAs have the ability to manage this risk by setting the size of the delta-CRLs. Finally, we also analyze the impact of the revocation service in the certificate prices. We model the behavior of the oligopoly of risk-averse certificate providers that issue digital certificates to clients facing iden- tical independent risks. We found the equilibrium in the Bertrand game. In this equilibrium, we proof that certificate providers that offer better revocation information are able to impose higher prices to their certificates without sacrificing market share in favor of the other oligarchs.Las redes vehiculares ad hoc (VANETs) se están convirtiendo en una tecnología funcional para proporcionar una amplia gama de aplicaciones para vehículos y pasajeros. Garantizar un funcionamiento seguro es uno de los requisitos para el despliegue de las VANETs. Sin seguridad, los usuarios podrían ser potencialmente vulnerables a la mala conducta de los servicios prestados por la VANET. La solución básica prevista para lograr estos requisitos es el uso de certificados digitales gestionados a través de una autoridad de certificación (CA). De acuerdo con la norma IEEE 1609.2, las redes vehiculares dependerán de la infraestructura de clave pública (PKI). Sin embargo, el proceso de distribución del estado de los certificados, así como el propio proceso de revocación, es un problema abierto para VANETs.En esta tesis, en primer lugar se analiza el proceso de revocación y se desarrolla un modelo preciso y riguroso que modela este proceso conluyendo que el proceso de revocación de certificados es estadísticamente auto-similar. Como ninguno de los modelos formales actuales para la revocación es capaz de capturar la naturaleza auto-similar de los datos de revocación, desarrollamos un modelo ARFIMA que recrea este patrón. Mostramos que ignorar la auto-similitud del proceso de revocación lleva a estrategias de emisión de datos de revocación ineficientes. El modelo propuesto permite generar trazas de revocación sintéticas con las cuales los esquemas de revocación actuales pueden ser mejorados mediante la definición de políticas de emisión de datos de revocación más precisas. En segundo lugar, se analiza la forma de implementar un mecanismo de emisión de datos de estado de los certificados para redes móviles y se propone un nuevo criterio basado en una medida del riesgo para evaluar los datos de revocación almacenados en la caché. Con esta medida, la PKI es capaz de codificar la información sobre el proceso de revocación en las listas de revocación. Así, los usuarios pueden estimar en función del riesgo si un certificado se ha revocado mientras no hay conexión a un servidor de control de estado. Por otra parte, también se propone una metodología sistemática para construir un sistema difuso que ayuda a los usuarios en el proceso de toma de decisiones relacionado con la comprobación de estado de certificados.En tercer lugar, se proponen dos nuevos mecanismos para la distribución y validación de datos de estado de certificados en VANETs. El primer mecanismo está basado en el uso en una extensión de las listas estandares de revocación. La principal ventaja de esta extensión es que las unidades al borde de la carretera y los vehículos repositorio pueden construir una estructura eficiente sobre la base de un árbol de hash autenticado para responder a las peticiones de estado de certificados. El segundo mecanismo tiene como objetivo optimizar el equilibrio entre el ancho de banda necesario para descargar los datos de revocación y la frescura de los mismos. Este mecanismo se basa en el uso de un esquema híbrido de árboles de Merkle y delta-CRLs, de modo que el riesgo de operar con certificados revocados desconocidos permanece por debajo de un umbral durante el intervalo de validez de la CRL base, y la CA tiene la capacidad de gestionar este riesgo mediante el ajuste del tamaño de las delta-CRL. Para cada uno de estos mecanismos, llevamos a cabo el análisis de la seguridad y la evaluación del desempeño para demostrar la seguridad y eficiencia de las acciones que se emprenden.
41
Zhang, Jing. "Flexible Certificate Management for Secure HTTPS Client/Server Communication." Thesis, Linköping University, Department of Computer and Information Science, 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-4135.
Full textAbstract:
Certificate management is a crucial element in PKI implementations, which includes certificate generation, distribution, storage, and revocation. Most of the existing research has been focusing on the security aspect or the functionality and the structure of certificate management systems. Very little has looked at the actual user requirements for the system and how users can use the system conveniently and practically, which is actually a very important factor for the whole security system to work properly and to be widely accepted.
In this thesis we have designed a framework that provides a flexible certificate management for different security levels according to user requirements and situations, and with a user-friendly interface. A certificate management system CSA (Certificate Server Adapter) is implemented for HP OpenView Operations for Windows (OVO/Windows), which is a management software product provided by Hewlett-Packard. The CSA helps OVO/Windows to provide secure HTTPS client/server communication. Tests show that it offers a good enough security for all situations without compromise and, at the same time, the best convenience and flexibility are achieved. However, the CSA can be further improved to have a lifetime management of the created certificates, an enhanced user interface, and an API to plug-in other PKI solutions.
42
Brocklebank, R. J., and n/a. "The ACT year 12 certificate : a student based review." University of Canberra. Education, 1985. http://erl.canberra.edu.au./public/adt-AUC20060613.133106.
Full textAbstract:
The aim of this Field Study is to establish the
extent to which Year 12 students understand and appreciate
the ACT College System of senior secondary and the
information which appears on the ACT Year 12 Certificate.
In order to provide the reader with a basis for
understanding what happens over the final two years of
secondary education in the ACT the author has established
the historical context that gave rise to the establishment
of the Secondary Colleges in the ACT. This brief history
outlines the causes and reasons which led to separation
from the NSW state system of education and the decision
to develop a different approach to the provision of
education for students in Year 11 and 12.
To provide an idea of how the system works a description
of what makes up the College System is provided.
This includes an explanation of how the colleges relate
to the high schools, their curriculum, the accreditation
of courses, assessment and certification. The role of
the ACT Schools Accrediting Agency is explained in the
way it underpins the credibility of the system and of
how it carries the responsibility for the final generation
of the ACT Year 12 Certificate.
While this study looks at the system some seven
years after it began, earlier evaluations had taken place
which examined matters linked with the ACT Year 12
Certificate. In writing this report the author reviews
two important assessments of the system, one of the
role of the ACT Schools Accrediting Agency and the other
concerned with the success of the Colleges as educational
institutions from a student viewpoint. The author also
attempts to compare the changes which came with the ACT
College System with recent developments and current
thinking about senior secondary education in other Australian
states.
The major part of the Field Study was a survey of
a sample of Year 12 students at the end of 1983 to
establish the extent to which they understood the aspects
of the system they had been a part of for two years. The
data and findings of this survey are presented.
The report concludes with an outline of the most
recent changes, developments and reactions which in some
way affect the system. At the end of the conclusion,
the author presents a list of recommendations aimed at
overcoming some of the problems pin-pointed in the report.
43
Chen, Sung-neng, and 陳松能. "Certificate Management and Its Application." Thesis, 2004. http://ndltd.ncl.edu.tw/handle/78017449045614912758.
Full text
44
Chang, Chun, and 張群. "The Application of Microsoft Certificate Service - An example of campus digital certificate." Thesis, 2003. http://ndltd.ncl.edu.tw/handle/12941745350781656330.
Full textAbstract:
碩士樹德科技大學
資訊管理研究所
91
In the increasingly complicated environments of information processing, the amount of servers and the requirements network operating in an organization are continually growing. A companied issue is the extreme requirements of information operating security. Facing the crises of increasing network crimes and hackers who exist anywhere, how to establish a reliable security mechanism for improving the security of information system and network operating by means of fast, low cost and low risk is the important issue to information managing department and information technologists of an organization. Network information processing has to meet five requirements of integrity, authentication, non-repudiation, confidentiality, and access control. On the basis of digital certificate and public key infrastructure, utilizing a smartcard can meet these requirements. However, if this security mechanism completely built up by outsiders, it may not be economic due to the timing and considerable expense. Fortunately, in Windows 2000 operation system Microsoft builds in some related and required components of security mechanism. Therefore, if one buys a smartcard and smartcard writer/reader, he/she will be enabled to build up a security mechanism by himself/herself. In association with the digital certificate and public key infrastructure, how to rapidly establish this security mechanism for the use of present information operating frame of an organization is the aim of this research project. This proposal will conductive an experimental research undertaken in author’s employed institute, attempting to establish the application of this security mechanism with an immediately significant improvement in the security of organization information processing.. To conduct this research project, experimental work was undertaken in author’s employed institute by utilizing Microsoft digital certificate, public key infrastructure and smart card. The integral application of three mechanisms was established by providing server interactive single sing-on, web page identification and authorization, and email digital certificate as well as encoding/decoding. Furthermore, this integral application was applied to institute attempting to give an immediately significant improvement in the security of information processing.
45
魏鼎洋. "Application and Implementation of X.509v4 Attribute Certificate." Thesis, 2005. http://ndltd.ncl.edu.tw/handle/59920111825070022391.
Full textAbstract:
碩士國立交通大學
資訊工程系所
93
There is a predicament about authorization using identity certificate in the network. In this paper, we discuss the application and related implementation of X.509v4 attribute certificate on for solving the predicament. The attribute certificate is a kind of short-term certificate. The main different from identity certificate is no public key on the attribute certificate. An attribute certificate is used to bind a set of attributes to its holder. The attributes are the privileges which holder is allowed for. Therefore, the attribute certificate must be used together with identity certificate. In application of the attribute certificate, it defines Privilege Management Infrastructure (PMI) in X.509v4 specification. PMI can support privilege management and authorization, and almost cooperate with PKI. X.509v4 proposes four kinds of PMI models to offer various kinds of more flexible applications of attribute certificate. In implementation of attribute certificate, I will introduce relevant knowledge and tools in advance and then show how to sign an attribute certificate. Except the implementation of attribute certificate, I also implement simple Attribute Authority server and Privilege Verifier server in PMI. Try to simulate two kinds of scenarios about client, requesting Attribute Authority server for the attribute certificate and requesting Privilege Verifier server for resources.
46
張懿範. "The Implementation and Application of Project Management Certificate in Taiwan." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/82912194635447624388.
Full textAbstract:
碩士明新科技大學
營建工程與管理研究所
97
In recent years, project management, which originated from Europe and the United States, is popularized to the whole world fast. In the trend of globalization and rapid social change, the employee’s ability in project management has got more attention and demand for enterprise manager. Consequently, the number of project management certificate is grown quickly in Taiwan and all over the world. This study intend discussing the implementation and application of project management certificate in Taiwan. The methods of this study are literatures review, expert interviews and questionnaire survey. In expert interviews, 20 experts has been interviewed and divided into three categories, including scholar, organization for certificate and license holders in project management domain. The survey questionnaire is send to the license holders, and 439 valid results is got in this study. The questionnaire analysis includes the statement statistics, ANOVA and cross analysis by using the SPSS statistical software package. The results of this study can offer reference information for organization of certificate, government section, enterprise and others who interesting in project management.
47
CHEN, CHUN-AN, and 陳俊安. "Application of Blockchain Technology to Grade Certificate of Martial Arts." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/m57wp9.
Full textAbstract:
碩士國立臺北科技大學
管理學院EMBA大上海專班
107
In the progress of development of martial arts, in the case of cross-regional spread and development, sometimes the messages of the inheritance system could be lost, controversial or wrong, especially when there are members who establish their own subsystem. Compared with the internationalization of karate, taekwondo, judo and aikido, the development of traditional Chinese martial arts often cannot unify resources and development together, due to the various sects or systems lack of mutual trust. Therefore, the progress of the systematic promotion and development is slow. Among the reasons, grade certificate plays a key role. In recent years, because of the development of blockchain technology, technology through machine trust mechanism has become possible. This study collects case data for Taijiquan, Baoding fast wrestling and North Shaolin Long Fist through documents and case interviews to analyze the common characteristics and industrial needs of martial arts, to find out the current industry pain points and application scenarios of martial arts in the grade certificate. At last, the feasibility of applying the blockchain in the martial arts sport was confirmed, and the technical solution of applying the Ethereum blockchain smart contract on the Inter Planetary File System platform was proposed to ensure the safety and credibility of the data of the grade certificate, and to improve the promotion efficiency of martial art.
48
Chen, Chin-Shong, and 陳慶雄. "An Application of Citizen Digital Certificate and WAPI to WLAN Roaming Authentication." Thesis, 2005. http://ndltd.ncl.edu.tw/handle/94126334686249251442.
Full textAbstract:
碩士逢甲大學
資訊工程所
93
With the fashion of internet and the popularization from our government, the amount of WLAN Hot Spot which located on railway station, hotel, airport or cafe is increasing obviously. User can get on net simply using a notebook or a PDA to obtain any resource from the internet. Up to the end of 2004, 30 of 158 academies joined the roaming scenario across campus of national high speed network project and 94% of those academies will construct their own WLAN environment in the near future.However, the security insufficiency of IEEE 802.11 which includes user identity authentication and data encryption caused a loophole of risk. SSID and WEP were used for authentication but have been proved to be not safe already. Hence, it would be an important topic to ensure a legitimate user and a safe internet environment.In this paper, we will discuss the authentication method and security of campus WLAN roaming environment and propose a WAPI with Citizen Digital Certificate to design a new way for campus WLAN roaming application. Simply using a digital certification and related public information, roaming between different campus was finally realized.
49
Tang, Shih-chieh, and 唐士傑. "Establishment and Application Analysis of Building Energy Performance Certificate Evaluation Systems in Taiwan." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/05024234503605624370.
Full textAbstract:
碩士國立中山大學
機械與機電工程學系研究所
98
Being located in subtropical climates, the cooling energy accounts for a huge percentage of the total power consumption, and has become the major cause for power shortages. Therefore, building energy conservation strategies has become the major remedy to tackle this problem. In this study, the building energy performance certificate evaluation system has been established, in referencing the European communities systems, while integrating the financial and consumers factors to establish the building labeling system in Taiwan.
50
梁桂芳. "The critical making that integrate application system of internal organization with Citizen Digital Certificate." Thesis, 2007. http://ndltd.ncl.edu.tw/handle/44809585233516505223.
Full text